zkey kms refresh

Edit online

Use the zkey kms refresh command to reimport all, or a selection of encryption keys, or refresh key properties.

Figure 1. zkey kms refresh syntax

1  zkey kms ref? -N
<key_name>? -K
<key_type>? -l
+ ,<vol_name>?dm_name? -t
<vol_type>?  -P? --no-volume-check
where:
-N or --name <key_name>
Specifies the key name of the secure key. Use wildcards to refresh multiple secure keys. If you use wildcards, enclose the value in quotation marks.
-K or --key-type <key_type>
Refreshes keys with the specified key type. Possible values are CCA-AESDATA, CCA-AESCIPHER, or EP11-AES.
-l or --volumes <vol_name>
You can filter the list of keys to refresh by the volumes that are associated with a key. Use wildcards to refresh keys for multiple volumes. If you use wildcards, enclose the value in quotation marks.
-t or --volume-type <vol_type>
Refreshes keys with the specified volume type. Possible values are PLAIN or LUKS2.
-P or --refresh-properties
Updates the associated information, such as the textual description, associated volumes, volume type, and sector size, with the information stored in the key management system.
--no-volume-check
Omits checking if the volumes that are associated with the secure keys to be refreshed are available, or are already associated with other secure keys in the repository. This option has an effect only if specified together with the --refresh-properties option.

Examples

  • To refresh secure keys from EKMF Web whose name starts with sec.
    # zkey kms ref -N "sec*"
  • To refresh the secure key with the name seckey from EKMF Web including its properties:
    # zkey kms ref -N seckey -P